J-Security Center

Title: Samba Multiple Unspecified Remote Buffer Overflow Vulnerabilities

Severity: CRITICAL

Description:

Samba is a freely available file and printer sharing application maintained and developed by the Samba Development Team. Samba allows file and printer sharing between operating systems on the Unix and Microsoft platforms. The Samba daemon is typically run with super user privileges.

Multiple remote buffer overflow vulnerabilities have been reported for Samba and Samba-TNG. The overflows are reported to occur in both stack and heap-based memory. This issue occurs due to insufficient bounds checking when copying user-supplied data to internal buffers.

Although it has not been confirmed, it is likely that these issues can be exploited to execute arbitrary code, with the privileges of Samba (which typically runs as root).

These issues are reported to affect Samba 2.2.8 and Samba-TNG 0.3.1.

The precise technical details regarding these vulnerabilities are currently unknown. This BID will be updated as further information is made available.

It should be noted that these vulnerabilities may be similar to the issue described in BID 7294.

** Reports suggest that an automated attack utility may be actively exploiting this vulnerability, likely through a brute-force attack. Although unconfirmed, it is possible that the utility is a worm.

The attack utility has been reported to create the following files:

  • /usr/bin/systemf - used to change file modification times
  • /etc/rc.local - used to start inetd and a trojaned sshd listening on port 44444
  • /usr/bin/netstats - a renamed /usr/bin/netstat
  • /usr/bin/netstat
  • /dev/fd/.99 - likely the trojaned sshd
  • /usr/lib/.fx - another location for the trojaned sshd

Reportedly, the trojaned SSH daemon listens for connections on port 44444.

This attack utility was only observed attacking FreeBSD systems; however, it is likely that other systems are also affected.
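The reported artifacts above can be turned into a host triage check. The following is an added example, not part of the original advisory; the function names and the optional root-prefix argument (for scanning a mounted disk image) are assumptions of this example.

```shell
#!/bin/sh
# Added example: host triage for the artifacts listed in this advisory.
# The root prefix ($1) is an assumption of this example: it lets the check
# run against a mounted disk image instead of the live (untrusted) system.

# Files the advisory says the attack utility creates that are absent from a
# stock system. /etc/rc.local and /usr/bin/netstat are legitimate paths, so
# they are not flagged merely for existing.
DROPPED="/usr/bin/systemf /usr/bin/netstats /dev/fd/.99 /usr/lib/.fx"

# Print one line per finding for the filesystem rooted at $1.
scan_files() {
    root=${1:-}
    for f in $DROPPED; do
        # -e follows symlinks; -L also catches dangling links.
        if [ -e "$root$f" ] || [ -L "$root$f" ]; then
            echo "FOUND dropped file: $f"
        fi
    done
    rc="$root/etc/rc.local"
    # rc.local is reported to start the trojaned sshd on port 44444.
    if [ -f "$rc" ] && grep -Eq '44444|/dev/fd/\.99|/usr/lib/\.fx' "$rc"; then
        echo "FOUND rc.local references backdoor path or port 44444"
    fi
}

# Read `netstat -an` output on stdin; succeed if a TCP socket is listening on
# port 44444. Handles BSD (*.44444) and Linux (0.0.0.0:44444) address styles.
listening_44444() {
    awk '$NF == "LISTEN" && $4 ~ /[.:]44444$/ { hit = 1 } END { exit !hit }'
}

# Number of findings for the tree rooted at $1.
count_findings() {
    scan_files "$1" | wc -l | tr -d ' '
}

# Live use: scan_files ""; netstat -an | listening_44444
# The advisory reports that netstat itself is replaced, so on a suspect host
# take the socket listing from a trusted binary on read-only media.
```

A clean result from the live system is weak evidence, because the utility is reported to alter file modification times and replace netstat; scanning the disk from a trusted environment is more reliable.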

Affected Products:

  • Apple Mac OS X 10.2.0
  • Apple Mac OS X 10.2.1
  • Apple Mac OS X 10.2.2
  • Apple Mac OS X 10.2.3
  • Apple Mac OS X 10.2.4
  • Apple Mac OS X Server 10.2.4
  • Caldera OpenLinux 2.3.0
  • Caldera OpenLinux Server 3.1.0
  • Caldera OpenLinux Server 3.1.1
  • Caldera OpenLinux Workstation 3.1.0
  • Caldera OpenLinux Workstation 3.1.1
  • Compaq Tru64 4.0.0 B
  • Compaq Tru64 4.0.0 D
  • Compaq Tru64 4.0.0 d PK9 (BL17)
  • Compaq Tru64 4.0.0 f
  • Compaq Tru64 4.0.0 f PK6 (BL17)
  • Compaq Tru64 4.0.0 f PK7 (BL18)
  • Compaq Tru64 4.0.0 g
  • Compaq Tru64 4.0.0 g PK3 (BL17)
  • Compaq Tru64 5.0.0
  • Compaq Tru64 5.0.0 PK4 (BL17)
  • Compaq Tru64 5.0.0 PK4 (BL18)
  • Compaq Tru64 5.0.0 a
  • Compaq Tru64 5.0.0 a PK3 (BL17)
  • Compaq Tru64 5.0.0 f
  • Compaq Tru64 5.1.0
  • Compaq Tru64 5.1.0 B
  • Compaq Tru64 5.1.0 PK3 (BL17)
  • Compaq Tru64 5.1.0 PK4 (BL18)
  • Compaq Tru64 5.1.0 PK5 (BL19)
  • Compaq Tru64 5.1.0 PK6 (BL20)
  • Compaq Tru64 5.1.0 a
  • Compaq Tru64 5.1.0 a PK1 (BL1)
  • Compaq Tru64 5.1.0 a PK2 (BL2)
  • Compaq Tru64 5.1.0 a PK3 (BL3)
  • Compaq Tru64 5.1.0 b PK1 (BL1)
  • Conectiva Linux 4.0.0
  • Conectiva Linux 4.0.0 es
  • Conectiva Linux 4.1.0
  • Conectiva Linux 4.2.0
  • Conectiva Linux 5.0.0
  • Conectiva Linux 5.1.0
  • Conectiva Linux 6.0.0
  • Conectiva Linux 7.0.0
  • Conectiva Linux 8.0.0
  • Conectiva Linux ecommerce
  • Conectiva Linux graficas
  • Debian Linux 2.1.0
  • Debian Linux 2.2.0
  • Debian Linux 2.2.0 68k
  • Debian Linux 2.2.0 alpha
  • Debian Linux 2.2.0 arm
  • Debian Linux 2.2.0 powerpc
  • Debian Linux 2.2.0 sparc
  • Debian Linux 2.3.0
  • Debian Linux 2.3.0 alpha
  • Debian Linux 2.3.0 powerpc
  • Debian Linux 2.3.0 sparc
  • Debian Linux 3.0.0
  • Debian Linux 3.0.0 alpha
  • Debian Linux 3.0.0 arm
  • Debian Linux 3.0.0 hppa
  • Debian Linux 3.0.0 ia-32
  • Debian Linux 3.0.0 ia-64
  • Debian Linux 3.0.0 m68k
  • Debian Linux 3.0.0 mips
  • Debian Linux 3.0.0 mipsel
  • Debian Linux 3.0.0 ppc
  • Debian Linux 3.0.0 s/390
  • Debian Linux 3.0.0 sparc
  • FreeBSD FreeBSD 4.6.0
  • FreeBSD FreeBSD 4.7.0
  • FreeBSD FreeBSD 4.8.0
  • FreeBSD FreeBSD 5.0.0
  • Gentoo Linux 1.4.0 _rc3
  • HP CIFS/9000 Server A.01.05
  • HP CIFS/9000 Server A.01.06
  • HP CIFS/9000 Server A.01.07
  • HP CIFS/9000 Server A.01.08
  • HP CIFS/9000 Server A.01.08.01
  • HP CIFS/9000 Server A.01.09
  • HP CIFS/9000 Server A.01.09.01
  • HP CIFS/9000 Server A.01.09.02
  • HP HP-UX 10.0.0 1
  • HP HP-UX 10.20.0
  • HP HP-UX 10.24.0
  • HP HP-UX 11.0.0
  • HP HP-UX 11.0.0 4
  • HP HP-UX 11.11.0
  • HP HP-UX 11.20.0
  • HP HP-UX 11.22.0
  • MandrakeSoft Corporate Server 2.1.0
  • MandrakeSoft Corporate Server 2.1.0 x86_64
  • MandrakeSoft Linux Mandrake 7.0.0
  • MandrakeSoft Linux Mandrake 7.1.0
  • MandrakeSoft Linux Mandrake 8.0.0
  • MandrakeSoft Linux Mandrake 8.0.0 ppc
  • MandrakeSoft Linux Mandrake 8.1.0
  • MandrakeSoft Linux Mandrake 8.1.0 ia64
  • MandrakeSoft Linux Mandrake 8.2.0
  • MandrakeSoft Linux Mandrake 8.2.0 ppc
  • MandrakeSoft Linux Mandrake 9.0.0
  • MandrakeSoft Linux Mandrake 9.1.0
  • MandrakeSoft Linux Mandrake 9.1.0 ppc
  • MandrakeSoft Linux Mandrake 9.2.0
  • MandrakeSoft Linux Mandrake 9.2.0 amd64
  • MandrakeSoft Multi Network Firewall 2.0.0
  • OpenPKG OpenPKG 1.0.0
  • OpenPKG OpenPKG 1.1.0
  • OpenPKG OpenPKG 1.2.0
  • Progeny Debian 1.0.0
  • RedHat Linux 4.2.0
  • RedHat Linux 5.2.0 i386
  • RedHat Linux 6.0.0
  • RedHat Linux 6.1.0 alpha
  • RedHat Linux 6.1.0 i386
  • RedHat Linux 6.1.0 sparc
  • RedHat Linux 6.2.0
  • RedHat Linux 6.2.0 E alpha
  • RedHat Linux 6.2.0 E i386
  • RedHat Linux 6.2.0 E sparc
  • RedHat Linux 6.2.0 alpha
  • RedHat Linux 6.2.0 i386
  • RedHat Linux 6.2.0 sparc
  • RedHat Linux 6.2.0 sparcv9
  • RedHat Linux 7.0.0
  • RedHat Linux 7.0.0 i386
  • RedHat Linux 7.0.0 i686
  • RedHat Linux 7.1.0
  • RedHat Linux 7.1.0 i386
  • RedHat Linux 7.1.0 i586
  • RedHat Linux 7.1.0 i686
  • RedHat Linux 7.2.0
  • RedHat Linux 7.2.0 athlon
  • RedHat Linux 7.2.0 i386
  • RedHat Linux 7.2.0 i586
  • RedHat Linux 7.2.0 i686
  • RedHat Linux 7.2.0 ia64
  • RedHat Linux 7.3.0
  • RedHat Linux 7.3.0 i386
  • RedHat Linux 7.3.0 i686
  • RedHat Linux 8.0.0
  • RedHat Linux 8.0.0 i386
  • RedHat Linux 8.0.0 i686
  • RedHat Linux 9.0.0 i386
  • S.u.S.E. Linux 7.1.0
  • S.u.S.E. Linux 7.1.0 alpha
  • S.u.S.E. Linux 7.1.0 ppc
  • S.u.S.E. Linux 7.1.0 sparc
  • S.u.S.E. Linux 7.1.0 x86
  • S.u.S.E. Linux 7.2.0
  • S.u.S.E. Linux 7.2.0 i386
  • S.u.S.E. Linux 7.3.0
  • S.u.S.E. Linux 7.3.0 i386
  • S.u.S.E. Linux 7.3.0 ppc
  • S.u.S.E. Linux 7.3.0 sparc
  • S.u.S.E. Linux 8.0.0
  • S.u.S.E. Linux 8.0.0 i386
  • S.u.S.E. Linux 8.1.0
  • S.u.S.E. Linux Personal 8.2.0
  • SCO eDesktop 2.4.0
  • SCO eServer 2.3.1
  • Samba Samba 2.0.0 .0
  • Samba Samba 2.0.1
  • Samba Samba 2.0.10
  • Samba Samba 2.0.2
  • Samba Samba 2.0.3
  • Samba Samba 2.0.4
  • Samba Samba 2.0.5
  • Samba Samba 2.0.6
  • Samba Samba 2.0.7
  • Samba Samba 2.0.8
  • Samba Samba 2.0.9
  • Samba Samba 2.2.0 .0
  • Samba Samba 2.2.0 .0a
  • Samba Samba 2.2.1 a
  • Samba Samba 2.2.2
  • Samba Samba 2.2.3
  • Samba Samba 2.2.3 a
  • Samba Samba 2.2.4
  • Samba Samba 2.2.5
  • Samba Samba 2.2.6
  • Samba Samba 2.2.7
  • Samba Samba 2.2.7 a
  • Samba Samba 2.2.8
  • Samba-TNG Samba-TNG 0.3.0
  • Samba-TNG Samba-TNG 0.3.1
  • Slackware Linux 8.0.0
  • Slackware Linux 8.1.0
  • Sun Cobalt Qube3 4000WG
  • Sun Cobalt RaQ 550 4100R
  • Sun Cobalt RaQ XTR 3500R
  • Sun Cobalt RaQ4 3001R
  • Sun LX50
  • Sun Linux 5.0.0
  • Sun Linux 5.0.6
  • Sun Solaris 2.5.1
  • Sun Solaris 2.5.1_ppc
  • Sun Solaris 2.5.1_x86
  • Sun Solaris 2.6
  • Sun Solaris 2.6_x86
  • Sun Solaris 7.0
  • Sun Solaris 7.0_x86
  • Sun Solaris 8
  • Sun Solaris 8_x86
  • Sun Solaris 9
  • Sun Solaris 9_x86
  • Trustix Secure Linux 1.1.0
  • Trustix Secure Linux 1.2.0
  • Trustix Secure Linux 1.5.0
  • Turbolinux Appliance Server Hosting Edition 1.0.0
  • Turbolinux Appliance Server Workgroup Edition 1.0.0
  • Turbolinux Home
  • Turbolinux Turbolinux Desktop 10.0.0
  • Turbolinux Turbolinux Server 7.0.0
  • Turbolinux Turbolinux Server 8.0.0
  • Turbolinux Turbolinux Workstation 7.0.0
  • Turbolinux Turbolinux Workstation 8.0.0
  • Veritas Software ServPoint NAS 1.1.0
  • Veritas Software ServPoint NAS 1.2.0
  • Veritas Software ServPoint NAS 1.2.1
  • Veritas Software ServPoint NAS 1.2.2
  • Veritas Software ServPoint NAS 3.5.0
  • WireX Immunix OS 6.2.0
  • WireX Immunix OS 7+
  • WireX Immunix OS 7.0.0
  • WireX Immunix OS 7.0.0 -Beta
